CN108366049B - Method for implementing isomerous function equivalent executive body - Google Patents
Method for implementing isomerous function equivalent executive body Download PDFInfo
- Publication number
- CN108366049B CN108366049B CN201810036160.XA CN201810036160A CN108366049B CN 108366049 B CN108366049 B CN 108366049B CN 201810036160 A CN201810036160 A CN 201810036160A CN 108366049 B CN108366049 B CN 108366049B
- Authority
- CN
- China
- Prior art keywords
- execution
- key component
- heterogeneous
- executive body
- subset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to the technical field of network security, and particularly relates to a method for realizing an equivalent executive body with heterogeneous functions, which comprises the steps of firstly dividing the executive body into a key group molecular set and a non-key component subset according to the running logic function of the executive body, and isomerizing the key component subset; then, a specific function area is constructed in a hardware or software mode; and finally, deploying redundant heterogeneous executors with equivalent functions, placing the key component subsets of the heterogeneous executors with equivalent functions in different specific function areas for execution, and setting different implementation schemes for the specific function areas according to different safety requirements of users. The method is suitable for the executive body scene with simple functional structure, especially suitable for the executive body scene with complex functional structure, and protects the executive body from being attacked by malicious software.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a method for realizing a heterogeneous function equivalent executive.
Background
With the continuous development and popularization of network devices and services, people have stronger dependence on network space, and the importance of network security is more and more prominent. In the traditional network space field, the attribute of external representation of the equipment and the device (including software and hardware) which complete the specific service function is static and definite, and the corresponding relationship strongly related to the internal structure exists, and an attacker can master the specific information in the equipment and the device to a certain extent by collecting and analyzing the representation content and the corresponding relationship, and can possibly discover available bugs or defects, thereby implementing intrusion and threatening the security of the network space.
The mimicry defense architecture is a new technology for dealing with network attack threats, and intrusion defense aiming at unknown system bugs or backdoors can be realized by constructing a dynamic heterogeneous redundant system architecture and an operation mechanism. One of the keys that the mimicry defense architecture has endogenous security is heterogeneous, as a functional main body of the system for responding to an external service request, only heterogeneous functional equivalents can avoid simultaneous attack by an attacker at the same time or in the same scene, and the "heterogeneous" is the basis that the functional equivalents avoid the simultaneous sniffing and utilization of system vulnerability defects by the attacker.
However, in practical application, some executors have complicated functional structures, and it is difficult to construct heterogeneous executors with equivalent functions, which brings great difficulty to construct a highly reliable and secure computer information system.
Disclosure of Invention
In order to solve the technical problems that in practical application, a heterogeneous redundant function equivalent execution body is required to be constructed for constructing a computer information system with high reliability and high safety, which increases the implementation difficulty and the deployment cost, the invention aims to provide an implementation method of the heterogeneous function equivalent execution body, the method is suitable for an execution body scene with a simple function structure, especially suitable for an execution body scene with a complex function structure, and the execution body is protected from being attacked by malicious software.
In order to achieve the purpose, the invention adopts the following technical scheme:
the invention provides a method for realizing an equivalent executive body with heterogeneous functions, which comprises the following steps:
dividing the logic function into a key component subset and a non-key component subset according to the operation of an executive body, and isomerizing the key component subset;
constructing a specific functional area in a hardware or software mode;
the method comprises the steps of deploying redundant heterogeneous executors with equivalent functions, placing key component subsets of the heterogeneous executors with equivalent functions in different specific function areas for execution, and setting different implementation schemes for the specific function areas according to different safety requirements of users.
Further, the elements of the key component subset are core components that are implicit in the execution body or are additional to the execution body and do not affect the execution body functional components; the subset of the critical component is in the position of being not capable of being bypassed in the execution logic of the execution body where the subset of the critical component is located under the condition that the subset of the critical component is not modified.
Further, the elements of the critical component subset include that the elements in the subset are critical nodes in the execution volume data flow graph or are necessary conditions for triggering the execution volume to perform critical state migration.
Further, the creator of the specific functional area has direct access to it, the creator authorizes other entities to have limited access to the functional area, and non-authorized entities have no access to the functional area.
Further, placing the key component subsets of functionally equivalent heterogeneous executables into different specific functional regions for execution includes the following two cases:
in case one, for an execution body scene with a simple functional structure, an execution body is completely or partially placed in a specific functional area;
in case two, for an execution body scene with a complex functional structure, the key components of the execution body are analyzed firstly, then the execution body is placed in a specific functional area for execution, and the rest components are placed in a common execution environment for execution.
Furthermore, different implementation schemes are set for specific function areas, and a mode of isomorphic implementation or heterogeneous implementation is adopted; adopting physical isolation deployment or logic isolation deployment for the deployment scheme of the specific functional area; the access right to a specific functional area adopts a direct access right or a limited access right.
Compared with the prior art, the invention has the following advantages:
the invention realizes the isomerism of the executive body by isomerizing the key component subsets of the executive body, places the key component subsets of each executive body in a specific function area for execution, and sets different implementation schemes for the function area according to different safety requirements of users; the method is suitable for the execution body scene with simple function structure, especially suitable for the execution body scene with complex function structure, and has wide application range; the invention arranges the key component subset of the executive body in a specific functional area for execution, and can reduce the isomerization realization cost of the functional equivalent redundant executive body, thereby protecting the executive body from being attacked by malicious software.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed in the prior art and the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is a schematic diagram of the structure of a heterogeneous functionally equivalent executive of the present invention;
fig. 2 is a flowchart illustrating an implementation method of a heterogeneous function equivalent executor according to an embodiment;
fig. 3 is a schematic flowchart of a method for implementing an SGX-based heterogeneous functional equivalent executor according to the second embodiment;
fig. 4 is a flowchart illustrating a method for implementing a heterogeneous function equivalent executor based on a CPU + heterogeneous computing platform according to a third embodiment.
Detailed Description
The core of the invention is to provide a method for realizing the isomeric functional equivalent executive body, which can reduce the isomerization realization cost of the functional equivalent redundant executive body and protect the executive body from being attacked by malicious software.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without any creative efforts shall fall within the protection scope of the present invention.
In a first embodiment, as shown in fig. 1 and fig. 2, this embodiment provides a method for implementing a heterogeneous function equivalent executor, where the method includes:
step S201, dividing the executive body into a key group molecular set and a non-key group subset according to the operation logic function of the executive body, and enabling a user to realize isomerism of the executive body through isomerisation of the key group subset;
preferably, the elements of the key component subset are core components implicit in the executive or are additional components above the executive without affecting the executive's functionality; the subset of the critical component is in the position of being not capable of being bypassed in the execution logic of the execution body where the subset of the critical component is located under the condition that the subset of the critical component is not modified.
It is to be understood that the elements of the critical component subset may be critical nodes in the execution volume dataflow graph for the elements in the subset, or necessary conditions for triggering the execution volume to perform critical state transitions.
Step S202, constructing a specific function area in a hardware or software mode;
preferably, the creator of a particular functional area has direct access rights to it, including read, write, execute, etc., to which the creator may authorize other entities to have limited access rights, while non-authorized entities have no access rights.
It is understood that the unauthorized entity includes an operating system, a virtual machine monitor, and the like.
It is to be understood that particular functional areas are isolated from the general execution environment, including but not limited to, physically or logically, and that particular functional areas are isolated from each other, including but not limited to, physically or logically.
Step S203, a redundant heterogeneous executive body with equivalent functions is deployed, the key component subsets of the heterogeneous executive body with equivalent functions are arranged in different specific function areas for execution, the non-key component subsets are arranged in a common execution environment for execution, and different implementation schemes are set for the specific function areas according to different safety requirements of users.
Preferably, the key component subsets of functionally equivalent heterogeneous executables are placed into different specific functional regions for execution, including the following two cases: in case one, for an execution body scene with a simple functional structure, an execution body is completely or partially placed in a specific functional area; in case two, for an execution body scene with a complex functional structure, the key components of the execution body are analyzed firstly, then the execution body is placed in a specific functional area for execution, and the rest components are placed in a common execution environment for execution.
It is understood that different embodiments are set for specific functional regions including, but not limited to, the manner of homogeneous implementation and heterogeneous implementation; deployment scenarios for a particular functional region include, but are not limited to, physically isolated deployments and logically isolated deployments; access rights to a particular functional area include, but are not limited to, direct access rights and limited access rights.
The method is suitable for an executive body scene with a simple functional structure, particularly for an executive body scene with a complex functional structure, can reduce the isomerization realization cost of a functional equivalent redundant executive body, places the key component subset of the executive body in the specific functional area for execution, protects the executive body from being attacked by malicious software, and provides guarantee for system safety.
For a more detailed and clear understanding of the present invention, the following two isomerization examples (example two and example three) of functionally equivalent executions are given for different security requirements of users, taking the implementation of specific functional areas as an example. The implementation scheme of the specific function area can be realized by isomorphic redundancy or heterogeneous redundancy, for a user with low security level, the implementation scheme of the specific function area adopts an isomorphic implementation mode, and the second embodiment provides a heterogeneous function equivalent executive body implementation method based on SGX; for a user with high security level, the implementation scheme of a specific functional area adopts a heterogeneous implementation mode, and the third embodiment provides a heterogeneous function equivalent execution body implementation method based on a CPU + heterogeneous computing platform. The deployment schemes for the specific functional area include but are not limited to physical isolation deployment and logical isolation deployment, and the access rights for the specific functional area include but are not limited to direct access rights and limited access rights, which are not distinguished herein.
In a second embodiment, as shown in fig. 3, a method for implementing an SGX-based heterogeneous functional equivalent executor includes the following steps:
step S301, carrying out modeling abstraction according to the operation logic function of the executive body, and analyzing according to the principle of minimizing the key component subset to obtain a key component subset, wherein elements in the key component subset can be key modules for extracting the operation logic of the executive body internally, or modules which do not influence the normal functions of the executive body and are added at IO interfaces outside the executive body;
step S302, judging the component type of the executive body, if the executive body is a non-key component subset, turning to step S303, and if the executive body is a key component subset, turning to step S304;
step S303, putting the elements into a common execution environment for execution;
step S304, deploying redundant functional equivalent executors, and isomerizing the key component subsets in each executer;
step S305, generating and encrypting the key component subsets of each executive body by using a key encryption method, and loading the key component subsets into an encryption program loader;
step S306, constructing enclave for the key component subset application of each executive in the trusted mode and decrypting the key component subset of the executive through the key certificate;
step S307, judging whether the decrypted key component subset of the executive is credible through the instruction, if so, turning to step S308, and if not, turning to step S309;
step S308, loading the key component subset into enclave for execution;
step S309, refusing to load into enclave.
In a third embodiment, as shown in fig. 4, a method for implementing a heterogeneous function equivalent executive based on a CPU + heterogeneous computing platform includes the following steps:
step S401, carrying out modeling abstraction according to the operation logic function of the executive body, and analyzing according to the principle of minimizing the key component subset to obtain a key component subset, wherein elements in the key component subset can be key modules for extracting the operation logic of the executive body internally, or modules which do not influence the normal functions of the executive body and are added at IO interfaces outside the executive body;
step S402, judging the component type of the executive body, if the executive body is a non-key component subset, turning to step S403, and if the executive body is a key component subset, turning to step S404;
step S403, putting the elements thereof into a common execution environment for execution;
step S404, deploying redundant function equivalent executors, and isomerizing the key component subsets in each executer;
step S405, different heterogeneous computing platforms are built, and the key component subsets of the execution bodies are placed in different heterogeneous computing platforms for execution. The computing platform includes a Central Processing Unit (CPU), a Network Processor (NP), or a combination of the CPU and the NP. The processor may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
It should be noted that, in the present specification, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (5)
1. A method for implementing a heterogeneous function equivalent executor is characterized by comprising the following steps:
dividing the logic function into a key component subset and a non-key component subset according to the operation of an executive body, and isomerizing the key component subset; under the condition that the key component subset is not modified, the key component subset is in an irreversable position in the execution body operation logic where the key component subset is located, modeling abstraction is carried out according to the execution body operation logic function, the key component subset is obtained through analysis according to the principle of minimizing the key component subset, and elements of the key component subset are core components hidden in the execution body or are attached to the execution body and do not influence the execution body function components;
constructing a specific functional area in a hardware or software mode;
the method comprises the steps of deploying redundant heterogeneous executors with equivalent functions, placing key component subsets of the heterogeneous executors with equivalent functions in different specific function areas for execution, and setting different implementation schemes for the specific function areas according to different safety requirements of users.
2. The method of claim 1, wherein the elements of the key component subset include a necessary condition that the elements in the subset are key nodes in the execution volume dataflow graph or trigger the execution volume to perform the key state migration.
3. The method as claimed in claim 1, wherein the creator of the specific functional area has direct access right to the specific functional area, and the creator authorizes other entities to have limited access right to the functional area, and non-authorized entities have no access right to the functional area.
4. The method for implementing a heterogeneous functionally equivalent executive according to claim 1, wherein the key component subsets of the functionally equivalent heterogeneous executive are placed in different specific functional areas for execution, and the following two cases are included:
in case one, for an execution body scene with a simple functional structure, an execution body is completely or partially placed in a specific functional area;
in case two, for an execution body scene with a complex functional structure, the key components of the execution body are analyzed firstly, then the execution body is placed in a specific functional area for execution, and the rest components are placed in a common execution environment for execution.
5. The method for implementing an equivalent execution body with heterogeneous functions as claimed in claim 1, wherein different embodiments are set for specific functional areas, and the modes of isomorphic implementation or heterogeneous implementation are adopted; adopting physical isolation deployment or logic isolation deployment for the deployment scheme of the specific functional area; the access right to a specific functional area adopts a direct access right or a limited access right.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810036160.XA CN108366049B (en) | 2018-01-15 | 2018-01-15 | Method for implementing isomerous function equivalent executive body |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810036160.XA CN108366049B (en) | 2018-01-15 | 2018-01-15 | Method for implementing isomerous function equivalent executive body |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108366049A CN108366049A (en) | 2018-08-03 |
| CN108366049B true CN108366049B (en) | 2020-08-18 |
Family
ID=63006225
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810036160.XA Active CN108366049B (en) | 2018-01-15 | 2018-01-15 | Method for implementing isomerous function equivalent executive body |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108366049B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109525594B (en) * | 2018-12-24 | 2021-03-23 | 中国人民解放军战略支援部队信息工程大学 | Back-door deployment method and device in heterogeneous redundant network |
| CN109818951B (en) * | 2019-01-18 | 2021-08-03 | 中国人民解放军战略支援部队信息工程大学 | Functional equivalent executive body reliability assessment method and device |
| CN110011965B (en) * | 2019-02-28 | 2021-09-24 | 中国人民解放军战略支援部队信息工程大学 | Execution body complete non-uniform output arbitration method and device based on credibility |
| CN110611672B (en) * | 2019-09-17 | 2021-08-13 | 中国人民解放军战略支援部队信息工程大学 | Network space safety protection method, server equipment, node equipment and system |
| CN112181433B (en) * | 2020-10-16 | 2023-09-26 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Compiling, running and managing method and system of mimicry multimode mixed execution body |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106411937A (en) * | 2016-11-15 | 2017-02-15 | 中国人民解放军信息工程大学 | Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof |
| CN106534063A (en) * | 2016-09-27 | 2017-03-22 | 上海红阵信息科技有限公司 | Device, method and apparatus for encapsulating heterogeneous function equivalent bodies |
| CN106549935A (en) * | 2016-09-27 | 2017-03-29 | 上海红阵信息科技有限公司 | A kind of isomery function equivalence body generating means and method |
| CN106656834A (en) * | 2016-11-16 | 2017-05-10 | 上海红阵信息科技有限公司 | IS-IS routing protocol heterogeneous function equivalent body parallel normalization device and method |
| CN106878254A (en) * | 2016-11-16 | 2017-06-20 | 国家数字交换系统工程技术研究中心 | Improve the method and device of DNS securities of system |
| CN107347066A (en) * | 2017-07-05 | 2017-11-14 | 中国人民解放军信息工程大学 | A kind of function equivalence body isomery degree maximizes dispatching method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9940226B2 (en) * | 2016-05-26 | 2018-04-10 | International Business Machines Corporation | Synchronization of hardware agents in a computer system |
-
2018
- 2018-01-15 CN CN201810036160.XA patent/CN108366049B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106534063A (en) * | 2016-09-27 | 2017-03-22 | 上海红阵信息科技有限公司 | Device, method and apparatus for encapsulating heterogeneous function equivalent bodies |
| CN106549935A (en) * | 2016-09-27 | 2017-03-29 | 上海红阵信息科技有限公司 | A kind of isomery function equivalence body generating means and method |
| CN106411937A (en) * | 2016-11-15 | 2017-02-15 | 中国人民解放军信息工程大学 | Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof |
| CN106656834A (en) * | 2016-11-16 | 2017-05-10 | 上海红阵信息科技有限公司 | IS-IS routing protocol heterogeneous function equivalent body parallel normalization device and method |
| CN106878254A (en) * | 2016-11-16 | 2017-06-20 | 国家数字交换系统工程技术研究中心 | Improve the method and device of DNS securities of system |
| CN107347066A (en) * | 2017-07-05 | 2017-11-14 | 中国人民解放军信息工程大学 | A kind of function equivalence body isomery degree maximizes dispatching method and device |
Non-Patent Citations (1)
| Title |
|---|
| 一种基于托架的自蜕变主动防御网络框架;吴承荣等;《信息安全学报》;20161015;第1卷(第4期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108366049A (en) | 2018-08-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108366049B (en) | Method for implementing isomerous function equivalent executive body | |
| US20230231872A1 (en) | Detection of and protection from malware and steganography | |
| US20240098097A1 (en) | Secure over-the-air updates | |
| US9989043B2 (en) | System and method for processor-based security | |
| JP6142027B2 (en) | System and method for performing protection against kernel rootkits in a hypervisor environment | |
| US9729579B1 (en) | Systems and methods for increasing security on computing systems that launch application containers | |
| US8788763B2 (en) | Protecting memory of a virtual guest | |
| EP2207121B1 (en) | Protecting content on virtualized client platforms | |
| US8782351B2 (en) | Protecting memory of a virtual guest | |
| US10592678B1 (en) | Secure communications between peers using a verified virtual trusted platform module | |
| US11062021B2 (en) | Systems and methods for preventing malicious applications from exploiting application services | |
| US20170090821A1 (en) | User mode heap swapping | |
| US10250588B1 (en) | Systems and methods for determining reputations of digital certificate signers | |
| Patil et al. | An exhaustive survey on security concerns and solutions at different components of virtualization | |
| KR20210068035A (en) | Techniques for protecting selected disks in computer systems | |
| JP2022541796A (en) | Secure runtime system and method | |
| Elnaggar et al. | Multi-tenant FPGA-based reconfigurable systems: Attacks and defenses | |
| Wong et al. | Threat modeling and security analysis of containers: A survey | |
| Yalew et al. | Hail to the Thief: Protecting data from mobile ransomware with ransomsafedroid | |
| Peddoju et al. | File integrity monitoring tools: Issues, challenges, and solutions | |
| KR20210068444A (en) | Techniques for controlling the installation of unauthorized drivers on computer systems | |
| Kaczmarek et al. | Operating system security by integrity checking and recovery using write‐protected storage | |
| Kallath | Trust in trusted computing–the end of security as we know it | |
| Zhao et al. | The application of virtual machines on system security | |
| CN107305607B (en) | One kind preventing the independently operated method and apparatus of backstage rogue program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |